[LINK] Is it just me, or is this daft?

Steven Clark maelorin at gmail.com
Thu Mar 17 21:18:16 AEDT 2011

It's only daft from the outside ;) (also, we're doing this post factum, for extra points. Things are always 'more' obvious after the event :)

You haven't named the design principle you have in mind, Roger, but I suspect you refer to the idea of failing safe. Which is often confused with the supposed notion of 'fail safe'.

The first leads to designs with safe default conditions. The latter with systems that are supposed to intervene when things go wrong. Which of course they do, including to the safety mechanisms. (the more complex a system, the more that can go wrong. And failures tend to lead to cascades of failures ...)

Instead of defaulting to off, these stations default to on. Seemed like a good idea to the guys in the room at the time. (after all, how often are we gonna want to turn off the thing making the power for all the other things?)

Oops. (which is perhaps the most terrifying word after all ...)

All too often, engineers and other experts miss what a five-year-old can see right away. Exacerbated by the Emperor's New Clothes, aka groupthink. 

As I sat in a University Library today, I overheard a trio take a perfectly simple problem and over a few iterations, and about an hour, sketch out a wonderfully complicated technological 'solution'.

The problem being: how to get students learning a second language together with native speakers so each can practice: in particular English speakers with non-English speakers. Apparently a database will be required. And Skype. And parental controls (as proxy for privacy?). And so on. The database guy was sure this was simple. He'd done an Access database in high school. So that's alright ...

[I'd have arranged for the international students they complained about to be paired up with a domestic student as a 'study-buddy' and 'settling-in' helper; for the visitor's first year and the local's final or penultimate year in the language.]

The design flaw/s in these reactors have been around for quite a while. But until now, no one appears to have stopped to think through the logic of the design. Or if they did, they probably 'assumed' it away through a series of perfectly logical, completely erroneous assumptions. (perhaps the same occurred at Chernobyl?)

I suspect a few people are now thinking quite a lot about the (short-term) solution.

Steven R Clark
Sent from my outboard brain ...

On 17/03/2011, at 19:54, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:

> Pardon me if this has already been discussed and I missed it.
> There's an important design principle that's all too frequently overlooked.
> The principle seems to have been overlooked in the case of the 
> Japanese nuclear power plant, and that seems to have at least 
> exacerbated the problem, possibly in two separate ways.
> Maybe the logic went like this:
> We're a power plant, right?  Power is what we produce.
> We won't be short of power here.  So we can design our monitoring 
> systems, and our control systems, and our fallback systems, on the 
> assumption that we have power.
> And it doesn't matter if those systems are power-hungry, because, 
> well, we're a power plant.
> And hence:
> -   the towers can be tall
> -   we can put the entry-points for the coolant high up the towers
> -   we can store the spent rods up on top of that
> And then maybe what happened was:
> -   2 of the 6 reactors were closed down at the time.
>     Nothing unusual about that.
> -   a 9.0 earthquake happened close by.
>     Not a big problem.  We designed for that, and it worked okay.
>     We may be down briefly, but we have systems and procedures.
> -   a several-metre tsunami ran through the power plant.
>     A bit more of a problem that, but nothing too grave.
>     We may be down for a while but we have systems and procedures.
> -   the tsunami also ran through the local area.
>     So?
>     Oh, *those* power poles?!
>     But we're a power plant, so we'll be okay.
>     Oh, you mean we can't generate power while we're running the
>     systems and procedures that we need to in order to recover from
>     the effects of the earthquake and the tsunami?
>     Ah, but we have diesel generators, so we'll be okay.
>     Oh, you mean they only generate enough to keep the lights on,
>     the door-controls operational, and the control-boards working.
>     Well, bring in some more generators.
>     Oh, so the power needed to push water up the towers in the volume
>     that we need to cool the rods is more than diesel generators can
>     deliver?
>     Ah, so.
> -- 
> Roger Clarke                                 http://www.rogerclarke.com/
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
>                    Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
> Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
> Visiting Professor in Computer Science    Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
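As an added illustration (not part of either post), a small Python check of the 'failing safe' principle described above: it works out how much power survives a given set of hazards, serves the loads in priority order, and flags only those loads that need power to stay in their safe state. The plant, the hazards, the kW figures and the gravity-fed coolant path in the fail-safe variant are all constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    ENERGIZE_TO_RUN = "needs power to stay safe"            # the 'defaults to on' design
    DEENERGIZE_TO_SAFE = "loss of power is the safe state"  # failing safe


@dataclass(frozen=True)
class Load:
    name: str
    kw: float        # power it draws while running (constructed figure)
    policy: Policy


@dataclass(frozen=True)
class Source:
    name: str
    kw: float
    survives: frozenset  # hazards this source keeps running through (constructed)


def surviving_budget(sources, hazards):
    """Power still available once every source that any hazard knocks out is gone."""
    return sum(s.kw for s in sources if hazards <= s.survives)


def failing_safe_violations(loads, sources, hazards):
    """Serve loads in priority order from the surviving budget. An unpowered load
    is a violation only if it needed power to be in its safe state."""
    remaining = surviving_budget(sources, hazards)
    unsafe = []
    for load in loads:
        if load.kw <= remaining:
            remaining -= load.kw
        elif load.policy is Policy.ENERGIZE_TO_RUN:
            unsafe.append(load.name)
    return unsafe


# Constructed plant modelled on the post's reasoning; every number here is made up.
ALL = frozenset({"earthquake", "tsunami", "local grid down"})
SOURCES = [Source("grid", 10_000, frozenset({"earthquake"})),  # poles lost to the tsunami
           Source("diesel", 500, ALL)]                         # enough for housekeeping only
HOUSEKEEPING = [Load(n, kw, Policy.ENERGIZE_TO_RUN)
                for n, kw in (("lights", 50), ("door controls", 20), ("control boards", 30))]
DEFAULT_ON = HOUSEKEEPING + [Load("coolant pumps up the towers", 2_000, Policy.ENERGIZE_TO_RUN)]
FAIL_SAFE = HOUSEKEEPING + [Load("gravity-fed coolant path", 0, Policy.DEENERGIZE_TO_SAFE)]
```

Running `failing_safe_violations(DEFAULT_ON, SOURCES, ALL)` names the coolant pumps, because the diesel budget that survives the tsunami covers the housekeeping loads but not the pumps; the fail-safe variant reports nothing, since its coolant path does not depend on power at all.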
